TechRepublic Resources
- Does IT security really need more whistle-blowers?
- The fact you disagree with management's interpretation of risk, and the security controls they refuse to implement, does not necessarily constitute corporate negligence. Weigh your options carefully if you're inclined to report your boss to an outside agency. by Tom Olzak
- Tags: IT Security, Financial, Information Technology, Professional Development, Financial Accounting, Security, Career, Finance, Tom Olzak
- Blog posts 2008-07-16
- Security Tools: Sun's VirtualBox
- Using Sun Microsystems' VirtualBox, Linux security tools and threat testing can be executed on a Windows platform. And the cost is right. VirtualBox is an open-source solution. by Tom Olzak
- Tags: Innotek VirtualBox, Ubuntu, Sun Microsystems Inc., Window, Tool, Security Tool, Desktop Virtualization, Linux, Open Source, Operating Systems, Software, Tom Olzak
- Blog posts 2008-07-14
- Employees want to do the right thing... so help them
- Your employees want to do the right thing, but their humanity often gets in the way. Technical safeguards can help them, and your network, stay safe. by Tom Olzak
- Tags: Employee, Security, Tom Olzak
- Blog posts 2008-07-08
- Forensics: Text messaging privacy
- A recent U.S. Federal court ruling seems to prohibit employer access to employee text message content. But that's not entirely true. by Tom Olzak
- Tags: Employee, Privacy, Text Messaging, Business Services, Groupware, Telecom & Utilities, Security, Enterprise Software, Software, Tom Olzak
- Blog posts 2008-07-07
- Five things IT can do to prepare for e-discovery
- Failure to prepare for inevitable e-discovery requests can result in the court imposing sanctions. Attention to a short list of preparation tasks can help make dealing with discovery issues less challenging. by Tom Olzak
- Tags: Sanction, Information Technology, Discovery, Electronically Stored Information, Retention Policy, Messaging Discovery, Groupware, Enterprise Software, Software, Tom Olzak
- Blog posts 2008-07-07
- Security Management Tip: Inspect what you expect
- Never assume your security team is focused on the same things you are. Take every opportunity to ensure they are following the path you laid out. If not, course correct, course correct, course correct... by Tom Olzak
- Tags: Team, Security Management, Security, Tom Olzak
- Blog posts 2008-07-02
- What every IT manager should know about e-discovery
- The key to surviving e-discovery requests is preparation based on knowledge of what is expected, and what is considered reasonable, when asked to locate and provide electronically stored information. by Tom Olzak
- Tags: Discovery, Information, Electronically Stored Information, Spoliation, Storage, Productivity, Hardware, Tom Olzak
- Blog posts 2008-06-30
- Ethics vs. Whitewash
- Security doesn't happen by wishful thinking. It takes hard work, commitment, and management support. Doing the right thing isn't always easy, but we should expect it from those to whom we entrust our information. by Tom Olzak
- Tags: Ethics, Security, Tom Olzak
- Blog posts 2008-06-30
- Free security tools: Secunia Personal Software Inspector
- Making sure applications in new or existing endpoint system images are free from unpatched vulnerabilities is not an easy task. Secunia provides a free utility to help identify and quickly remediate out-of-date or EOL programs. by Tom Olzak
- Tags: Software, Application, Adobe Acrobat, Image, Tool, Secunia, Security Tool, Personal Software Inspector, Security, Tom Olzak
- Blog posts 2008-06-25
- Managing risk with After Action Reviews
- Responding to security incidents, whether they are malicious or accidental, requires a final step that many organizations neglect. An After Action Plan (AAR) helps to reduce the probability of a recurrence and improve response activities. Tom Olzak shows you how to execute a standard AAR. by Tom Olzak
- Tags: Action Plan, Team, AAR, Team Management, Management, Tom Olzak
- Blog posts 2008-06-24
- Use the revised OWASP Top Ten to secure your Web applications -- Part 8
- In this final installment in the revised Open Web Application Security Project (OWASP) Top 10 series, the final three vulnerabilities are explored -- insecure cryptographic storage, insecure communications, and failure to restrict URL access. Tom Olzak explains the nature of these weaknesses followed by recommendations for protecting Web applications from...
- Tags: Web Application, Tom Olzak
- Download resources 2007-06-13
- Use the revised OWASP Top Ten to secure your Web applications - Part 7
- The seventh installment in the 2007 OWASP Top 10 series takes a look at broken authentication and session management vulnerabilities. Tom Olzak explains the nature of this weakness followed by recommendations for protecting Web applications from attacks related to this security problem. This download is also available...
- Tags: Web Application, Tom Olzak, Security
- Download resources 2007-06-06
- Deal responsibly with identity data breaches
- Most security managers are aware of some form of the 5 steps for handling an incident: prevent, detect, contain, eradicate, and recover. These steps are usually sufficient for those incidents in which Personally Identifiable Information (PII) or electronic Protected Health Information (ePHI) isn't compromised. However, a breach of individual identity...
- Tags: Security, Medical Identity Theft, Leadership, IT Management, Identity Theft, data theft, Cybercrime, Computer Crime, Compliance
- Blog posts 2007-06-21
- FBI rounds up bot-herders, national security at stake
- During the May 2007 Anti-Phishing Working Group Counter eCrime summit in San Francisco, researcher Joe St. Sauver spoke about the need for a government agency to step up and help in the war against consumer computer compromise. He stated that consumers aren't capable of taking the steps necessary to prevent...
- Tags: Viruses, Virus, Leadership, Internet, Security, Attack mitigation, Computer Crime, Computer Forensics, Cybercrime, Cyberwarfare
- Blog posts 2007-06-18
- Data owners are not always the final word in data protection
- Data owners are responsible for determining who accesses sensitive information as well as the level of access (i.e. read, write, etc.), but at what point should data owner approval be checked by the security team? In other words, when is it appropriate for Security to deny a data owner approved...
- Tags: Risk Management, Leadership, Security Solutions, Security, Compliance
- Blog posts 2007-06-14
- Use the revised OWASP Top Ten to secure your Web applications -- Part 8
- This blog entry is also available as a TechRepublic download in PDF form. In this final installment in the revised Open Web Application Security Project (OWASP) Top 10 series, the final three vulnerabilities are explored -- insecure cryptographic storage, insecure communications, and failure to restrict URL access. The final three vulnerabilities...
- Tags: Software Development, Programming, Security, Application Development
- Blog posts 2007-06-13
- Consumers 0, Cybercriminals 1: the public disclosure debate
- It's become great sport—and often profitable—to identify vulnerabilities in applications, operating systems, and LAN/WAN device controlling software. These activities are not in themselves a problem. It's the efforts of white hat hackers that help vendors tighten up product security and increase user awareness of high risk environments or actions. But...
- Tags: Security, Attack mitigation, Cybercrime, Computer Crime, patching, vulnerability, Threats, Hacking, Antivirus Research
- Blog posts 2007-06-11
- The growing threat of cyberwarfare
- Recent events have shown that certain nations are ready and willing to use cyberwarfare to push national agendas. What does this mean to nations, and businesses, that rely on the Internet for their economy or defense? Estonia appears to be the first nation to become the target for governmentally sponsored cyberwarfare. ...
- Tags: Threats, Security, Leadership, Government, Cyberwarfare
- Blog posts 2007-06-07
- Google Assessment - Patching is critical to web server security
- In a recent blog post, the Google Anti-Malware Team wrote that Microsoft IIS servers account for 49 percent of all web sites hosting or distributing malicious code. This was based on an examination of approximately 70,000 domains that have either distributed or hosted malware during the previous month. The result of...
- Tags: Software Piracy, patching, Microsoft, IT Management, Internet, IIS, Hacking, Google, Cybercrime, Antivirus Research, Antivirus
- Blog posts 2007-06-06
- Use the revised OWASP Top Ten to secure your Web applications -- Part 7
- This article is also available as a TechRepublic download. The seventh installment in the 2007 OWASP Top 10 series takes a look at broken authentication and session management vulnerabilities. Tom Olzak explains the nature of this weakness followed by recommendations for protecting Web applications from attacks related to this security problem. Broken...
- Tags: Web applications, Security, Hacking, Encryption, cryptography, Authentication
- Blog posts 2007-06-06